The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Structured Threat Information eXpression (STIX) is a standardized XML programming language for encoding descriptions of cybersecurity threats that may be detected in computer networks. Typical expressions in the language include components called observables that may be concatenated using Boolean operators. If the expressions are complex and used to characterize complex threats, then machine processing, reading or understanding of the expressions becomes more difficult. As the complexity of the threats increases, so does the complexity of the STIX expressions, which may be difficult to parse as they may include multi-level and convoluted logical interdependencies.
Another issue is the scalability of STIX expressions. Processing and interpreting the STIX expressions using the amount of computing power that is typically available may be quite challenging, especially when the count of observables increases to hundreds or thousands. Interpreting complex STIX expressions may often be challenging and time-consuming.
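The nesting described above can be made concrete with an added example, which is not part of the original text: a small Python evaluator for a Boolean composition of observables, reporting its depth and leaf count. The XML sample and the `example:` identifiers are constructed, and the element layout assumes the CybOX 2.x `Observable_Composition` form used by XML-based STIX.

```python
import xml.etree.ElementTree as ET  # sample is trusted; use a hardened parser for external feeds

CYBOX = "{http://cybox.mitre.org/cybox-2}"

# Constructed sample: obs-ip AND (obs-domain OR (obs-hash AND obs-mutex))
SAMPLE = """
<cybox:Observable xmlns:cybox="http://cybox.mitre.org/cybox-2" id="example:root">
  <cybox:Observable_Composition operator="AND">
    <cybox:Observable idref="example:obs-ip"/>
    <cybox:Observable>
      <cybox:Observable_Composition operator="OR">
        <cybox:Observable idref="example:obs-domain"/>
        <cybox:Observable>
          <cybox:Observable_Composition operator="AND">
            <cybox:Observable idref="example:obs-hash"/>
            <cybox:Observable idref="example:obs-mutex"/>
          </cybox:Observable_Composition>
        </cybox:Observable>
      </cybox:Observable_Composition>
    </cybox:Observable>
  </cybox:Observable_Composition>
</cybox:Observable>
"""

def to_tree(observable):
    """Turn an Observable element into ('LEAF', id) or (operator, [children])."""
    comp = observable.find(CYBOX + "Observable_Composition")
    if comp is None:
        return ("LEAF", observable.get("idref") or observable.get("id"))
    op = comp.get("operator", "").upper()
    children = [to_tree(c) for c in comp.findall(CYBOX + "Observable")]
    if op not in ("AND", "OR") or not children:
        raise ValueError(f"malformed composition (operator={op!r})")
    return (op, children)

def parse(xml_text):
    return to_tree(ET.fromstring(xml_text))

def evaluate(node, seen):
    """True if the expression holds for the set of observable ids already matched."""
    if node[0] == "LEAF":
        return node[1] in seen
    results = (evaluate(c, seen) for c in node[1])
    return all(results) if node[0] == "AND" else any(results)

def depth(node):
    """Number of nested composition levels; a bare observable has depth 0."""
    return 0 if node[0] == "LEAF" else 1 + max(depth(c) for c in node[1])

def leaves(node):
    """Observable ids referenced by the expression, in document order."""
    return [node[1]] if node[0] == "LEAF" else [i for c in node[1] for i in leaves(c)]
```

Even this four-observable expression needs three levels of composition, and every level is visited on each evaluation.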